The company said an investigation had shown that the security breach may have occurred between 1st Jan 2016 and 22nd Dec 2017 for its partner platform and between 1st Jan 2016 and 22nd June 2016 for its consumer platform.
It is unclear exactly which information such as names, phone numbers, email and billing addresses may have been accessed or potentially stolen the travel website operator advised. They also said its website, Orbitz.com, was not impacted.
“To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information,” the company claimed.
